Indiana University
University Information Technology Services
  
What are archived documents?
Login>>
Login

Login is for authorized groups (e.g., UITS, OVPIT, and TCC) that need access to specialized Knowledge Base documents. Otherwise, simply use the Knowledge Base without logging in.

Close

While attempting to connect to the IU VPN server, why do I get a message that the server is not responding or is unable to complete a connection?

IU Secure is the wireless network for students, faculty, and staff to access when on campus. IU Secure uses WPA2 Enterprise (Wi-Fi Protected Access) for authentication; no VPN is needed. IU Northwest will have IU Secure by spring semester 2010; it is available at all other campuses except IPFW.

Note: When connecting from off campus, SSL VPN is the replacement for IU's IPsec- and PPTP-based VPN services, and UITS recommends using it now if your campus supports it. PPTP is retired at IU Bloomington and IUPUI, and IPsec VPN service at those campuses will be retired by fall 2010.

Provided you have already completed the instructions for your operating system, your VPN connection problems are probably caused by a local firewall or the use of private addressing through a router or Internet-connection-sharing software.

Firewalls

If you are running a firewall, try disabling it temporarily. In Windows, most of these software packages will add an icon to your system tray on the bottom right corner of your screen, next to the clock. Usually you can use this icon to enable or disable the firewall. If disabling the firewall allows use of the VPN, you should be able to add the name of the VPN server (Indiana University Bloomington: ipsec.indiana.edu; IUPUI: ipsec.iupui.edu) to your firewall's allowed hosts list, re-enable the firewall, and successfully connect to the IU VPN.

Note: Norton Internet Security and Norton Personal Firewall frequently cause problems for Windows computers trying to connect to IU VPN. UITS recommends using Symantec AntiVirus instead.

Private addressing

Private IP addresses (or reserved IP addresses) are most frequently used within a local, private network. Computers with private IP addresses that need to access the Internet first go through the process of Network Address Translation (NAT). In many broadband situations, NAT is performed by a DSL router, cable router, proxy server, or Internet-connection-sharing software.

Such solutions allow multiple computers to access the Internet using only one public IP address. Attempting to connect to the VPN from behind a NAT will sometimes fail. Most of the time, the NAT can be configured to pass the proper ports and protocols (the IPsec ports are UDP 500 and 1701; the PPTP port is TCP 1723; the GRE protocol is IP 47; the ESP and AH ports are IP 50 and 51 respectively), but not always.

If your computer's IP address falls into one of the following ranges (where  x  is any number from 0-255), either talk to your ISP about changing to a public IP address, or contact the manufacturer of your router, proxy server, or NAT device about how to configure it to pass VPN connections through:

10.x.x.x 172.16.x.x 172.31.x.x 192.168.x.x

For instructions on how to view your current IP address, see How do I determine my computer's IP address?

Note: The following information may also be helpful when establishing a VPN connection:

This is document akkn in domain all.
Last modified on October 12, 2009.

Comments/Questions/Corrections

Use this form to offer suggestions, corrections, and additions to the Knowledge Base. We welcome your input!

If you are affiliated with Indiana University and would like assistance with a specific computing problem, please use the Ask a Consultant form, or contact your campus Support Center.

Contact Information

Note: We will reply to your comment at this address. If your message concerns a problem receiving email, please enter an alternate email address.